CVE-2011-4130
Published 2011-12-06
Priority: P2 68 · critical · CVSS 2.0 score 9
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 12.80% (95.8th percentile)
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
Affected (17 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | proftpd-dfsg | < proftpd-dfsg 1.3.4~rc3-2 (bookworm) | proftpd-dfsg 1.3.4~rc3-2 (bookworm) |
| proftpd | proftpd | <= 1.3.3 | — |
| proftpd | proftpd | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is exploitable only by remote authenticated users — monitor for authenticated FTP sessions followed by unexpected error conditions during or after data transfers, which may indicate exploitation attempts of the Response API use-after-free.
- The flaw is triggered when a new FTP command arrives while a data transfer is in progress, causing the server to retrieve the response pool for the old command — look for anomalous command sequencing (e.g., commands interleaved with active data transfers) in FTP server logs.
- Exploitation results in memory corruption and potential arbitrary code execution with the privileges of the proftpd process — alert on unexpected crashes or process anomalies in proftpd daemons running versions prior to 1.3.3g.
- Only ProFTPD versions before 1.3.3g are vulnerable; versions 1.3.3g and later (including 1.3.4+) contain the fix. Verify the deployed ProFTPD version to confirm exposure.
- Exploitation requires prior authentication — unauthenticated or anonymous-only FTP deployments have a reduced (but not necessarily zero) attack surface depending on configuration.
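The exposure check in the list above amounts to deciding whether a deployed version sorts before 1.3.3g. ProFTPD version strings carry a letter suffix (1.3.3e, 1.3.3g) and release candidates (1.3.4rc3, or Debian's 1.3.4~rc3-2), so a naive string comparison gets it wrong. The following is an added example, not code from the page's sources or from the ProFTPD project; it assumes the usual ordering (a bare release sorts before its lettered patch releases, and an rc sorts before the final release of the same number), and the banner and `proftpd -v` lines fed to it are constructed samples.

```python
import re
from typing import NamedTuple, Optional

# Fixed release named by the advisory: ProFTPD before 1.3.3g is affected.
FIXED_VERSION = "1.3.3g"

# One version token: 1.3.3, 1.3.3g, 1.3.4rc3, or Debian-style 1.3.4~rc3 (the
# "-2" package revision is ignored). The lookarounds stop a dotted IP address
# such as 192.0.2.10 from being read as a three-part version.
_VERSION_TOKEN = r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:~?rc(\d+)|([a-z]))?(?![.\d])"
_AFTER_NAME = re.compile(r"ProFTPD\s+(?:Version\s+)?" + _VERSION_TOKEN, re.IGNORECASE)
_BARE = re.compile(_VERSION_TOKEN, re.IGNORECASE)


class Version(NamedTuple):
    """Tuple ordering gives the comparison: 1.3.3 < 1.3.3a < ... < 1.3.3g < 1.3.4rc1 < 1.3.4."""
    major: int
    minor: int
    patch: int
    letter: int   # 0 = no letter, 'a' = 1 ... 'g' = 7
    release: int  # 1 = final release, 0 = release candidate
    rc: int       # rc number when release == 0, else 0


def parse_version(text: str) -> Optional[Version]:
    """Extract the first ProFTPD version from a banner, a `proftpd -v` line or a
    package version string. A token following the word "ProFTPD" is preferred so
    that other numbers in a banner are not mistaken for the version."""
    m = _AFTER_NAME.search(text) or _BARE.search(text)
    if not m:
        return None
    major, minor, patch, rc, letter = m.groups()
    return Version(
        int(major), int(minor), int(patch),
        ord(letter.lower()) - ord("a") + 1 if letter else 0,
        0 if rc else 1,
        int(rc) if rc else 0,
    )


FIXED = parse_version(FIXED_VERSION)


def is_affected(text: str) -> Optional[bool]:
    """True if the version found in `text` is before 1.3.3g, False if it is 1.3.3g
    or later, None if no version could be parsed (treat as unknown and check by hand)."""
    v = parse_version(text)
    if v is None:
        return None
    return v < FIXED


if __name__ == "__main__":
    SAMPLES = [  # constructed inputs; not real hosts
        "220 ProFTPD 1.3.3e Server (ProFTPD Default Installation) [::ffff:192.0.2.10]",
        "ProFTPD Version 1.3.3g",
        "1.3.4~rc3-2",
        "220 FTP server ready [::ffff:192.0.2.10]",
    ]
    for s in SAMPLES:
        print(f"{str(is_affected(s)):>5}  {s}")
```

A `None` result is deliberately distinct from `False`: a banner that hides the version (ServerIdent off) tells you nothing about exposure, and the check should flag the host for manual verification rather than silently treating it as patched.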
CVSS provenance

| Source | CVSS | Severity | Vector |
|---|---|---|---|
| nvd | v2.0, 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | 9.0 | CRITICAL | — |
| vulncheck | 9.0 | CRITICAL | — |
| vendor_debian | 9.0 | HIGH | — |
GHSA
GHSA-jmgj-wg56-hjr9 · ghsa_unreviewed · 2022-05-17 · severity HIGH
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
OSV
CVE-2011-4130 · osv · 2011-12-06 · CVSS 9.0 CRITICAL
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
VulnCheck
ProFTPD Response API Remote Code Execution · vulncheck · 2011 · CVSS 9.0 CRITICAL
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
Affected: proftpd proftpd
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=a9c54f79-d780-437b-a7f5-a74960e299d5&CommunityKey=8af7f28f-02f1-4107-8639-93a60b6546d4&tab=librarydocuments
Debian
proftpd-dfsg · vendor_debian · 2011 · CVSS 9.0 CRITICAL
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
Scope: local
bookworm: resolved (fixed in 1.3.4~rc3-2)
bullseye: resolved (fixed in 1.3.4~rc3-2)
forky: resolved (fixed in 1.3.4~rc3-2)
sid: resolved (fixed in 1.3.4~rc3-2)
trixie: resolved (fixed in 1.3.4~rc3-2)
No detection rules found.
No public exploits indexed.
References
- http://bugs.proftpd.org/show_bug.cgi?id=3711
- http://www.proftpd.org/docs/NEWS-1.3.3g
- http://www.securityfocus.com/bid/50631
- http://www.zerodayinitiative.com/advisories/ZDI-11-328/